Cyber attacks have become increasingly frequent, and with it demand for cybersecurity services. While cyber threats have become a real problem for many companies, investors may turn to those building the defensive lines for more financial security.
A ransomware epidemic!
$18 billion was paid out to ransomware hackers in 2020, according to Emsisoft, which also counts "tens of thousands" of victims so far in 2021… The most pernicious recent events include the Colonial Pipeline and meat producer JBS attacks, attacks that have further highlighted the current ransomware problem.
Ransomware is a type of malware. Such attacks usually occur using a Trojan—a disguised file that a user mistakenly downloads from emails. However, the WannaCry worm method saw malware being transferred automatically between computers with no user interaction needed... Once downloaded on a company server, a victim’s files are encrypted, rendered inaccessible, and a ransom payment to decrypt the files is demanded, or else...
Earlier in December 2020, SolarWinds, a software product thousands of firms use, came under attack in what Microsoft’s Brad Smith called ‘’the largest and most sophisticated attack the world has ever seen’’.
In May, in what seemed to be a flurry of attacks, a standout attack targeted Colonial Pipeline and successfully shut down the 5,500 miles pipeline network. While the US gasoline markets did not react strongly to the problem, it could have been much worse if the attack had lingered on for longer. Colonial Pipeline CEO Mr. Blount quickly paid the $4.4M ransom in Bitcoin to criminals, $2.3M of which was later repossessed by the Justice department.
Earlier this month, Brazil-based meat producer JBS—who processes 20% of US’ meat—saw its operations stalled by ransomware attacks.
As a result of all this, French insurance group AXA suspended its cyber-insurance policy in France as a cyber-crime epidemic continues to strengthen its grip. AXA suspended this policy in France where $5.5B have been stolen via such cyber-attacks.
Keepers of the realm:
‘’White hat’’ Stocks
If you have read somewhere that cybersecurity stocks have lagged the broader market—it is fake news. The JBS and Colonial Pipeline attacks may not have bolstered the next stocks specifically, but the last year of attacks surely has:
- Fortinet has received an outperform rating reiteration by Cowen & Co, yesterday. At 62.44x, FTNT offers a trailing 12-month P/E ratio that is among the highest in its industry. Its security appliances offer the ability to run multiple security functions simultaneously, without a significant drop in throughput, enabled by Fortinet's unique custom-ASIC architecture.
- CrowdStrike reported first quarter earnings and revenues that topped estimates early this month and at 55.42x, CRWD offers a Price to Book Ratio that is among the highest in its industry. CrowdStrike is a leader in the Endpoint Protection Platform (EPP) market. EPP solutions help protect enterprises' internet connected devices from cyberattacks, and there is a market shift from signature based on-prem solutions to cloud-based platforms that use machine learning.
- Proofpoint launched the industry’s first cloud nation information protection and cloud service on June 8th, and is the company behind data loss prevention for Microsoft Teams. Proofpoint, Inc. engages in provision of security-as-a-service that enables large and mid-sized organizations worldwide to defend, protect, archive, and govern their most sensitive data. In April Thoma Bravo bought the email security provider for $12.37B.
- Palo Alto Networks showed Q3 earnings worth bragging about: PANW reported earnings of $1.38 per share which beat the $1.29 consensus of 33 analysts covering the company. Those analysts now estimate that the company will earn $1.43 per share next time around. Palo Alto Networks develops and sells network security gear, dubbed Next-Generation Firewalls, which protect customers' networks with the ability to read the content of the traffic (not only its address) and make decisions based on the type of application and a set of access policies.
See also sizable firms with large government contracts: Tenable Holdings, Rapid7, CyberArk and Qualys. Also, see Okta.
Unhackable ETFs: HACK, CIBR, and BUG
HACK is the Prime Cyber Security ETF tracking the industry. The fund has shares of 59 firms with net assets of $2.17B, and a one-year return of 36.17%. Its top three holdings are Cisco, BlackBerry, and Proofpoint (covered above).
First Trust Nasdaq ETF (CIBR) holds 40 companies with net assets equal to $3.66B, a one-year return of 42.01% and top holdings with Cisco, Accenture, and CrowdStrike.
BUG is Global X’s Cybersecurity ETF. The fund stresses investing in firms that are developing and managing security protocols for computer systems, software, and hardware devices. BUG holds 32 holdings, holdings that generate at least 50% of revenue from cybersecurity activities. With $361.4M in net assets, Zscaler, CrowdStrike and Fortinet, hold the bulk of the portfolio’s weight and helped return 45.37% in the last 365 days.
See also: WCBR, IHAK and UCYB,
Will the castle stand?
Private and public institutions now need to consider cybersecurity as more than an integral cost—they need to realize such services are cornerstone to 21st century business. Every industry is subject to attacks, but the Financial Times seems to argue that retail is the biggest target to ransomware attackers (see graphic).
Figure showing retail as main target to cyberattacks
In 2020, the number of data breaches in the United States alone recorded a tally of over 1000 cases, an improvement from the past fewer years. Over the course of this year, over 155 million people were affected by data exposures. 63 countries around the world have thus far been affected in 2020.
These exposures tend to be human error based, which also means that firms should make it a point to educate their workforce on cybersecurity concerns. In 2020, large companies have recorded an average $500,000 in costs related to hacks, but the median however is £30M…
Figure showing a rampant increase in the number of data breaches in the US
But Biden shows some love: as part of his rescue package, the president has set aside $690 million for the Cyber Security and Intelligence community, an effort to crackdown on cyber threats to its government entities. The president will put $200M towards increased cybersecurity tech and engineering hirings.
On the private side, M&A activity is boiling in IT and cybersecurity with private equity group Thoma Bravo acquiring Proofpoint recently for $12.37B, one of April’s biggest deals.
On the public entry side, we have seen Darktrace’s latest IPO pop by as much as 44% on the LSE. The IPO raised £165M and was considered a premium listing after Deliveroo’s embarrassing 26% trading debut drop.
Darktrace, which is valued just south of £2B, uses AI to spot intruders into a company’s network. Its revenues grew 45% to $200M in its most recent financial year.
